u-boot.git/lib/crypto, branch v2020.10 Unnamed repository; edit this file 'description' to name the repository. lib/crypto: simplify public_key_verify_signature 2020-08-08T17:03:12+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-08T16:57:47+00:00 9bdbc8ef983547e85704fe2f75431c88e1989e33 The variable region is filled but never used. Remove it. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The variable region is filled but never used. Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib: crypto: export and enhance pkcs7_verify_one() 2020-07-22T10:37:17+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:21+00:00 5ee81c6e3f9f6f851c69b1e3d2661d96671d1dd1 The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."

To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: add pkcs7_digest() 2020-07-22T10:36:29+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:20+00:00 05329fa4c0c7774d01945d94ad2e9079a338baa8 This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.

We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: import pkcs7_verify.c from linux 2020-07-22T10:35:45+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:19+00:00 063499e38e41bd23563fb6f98438ddd1ce0f7e6a The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The file, pkcs7_verify.c, will now be imported from linux code
(crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit
into U-Boot environment.

In particular, pkcs7_verify_one() function will be used in a later patch
to rework signature verification logic aiming to support intermediate
certificates in "chain of trust."

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: enable x509_check_for_self_signed() 2020-07-22T10:35:04+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:18+00:00 6244b3c7d947ca6465426f18922135595ce9cd44 When the file, x509_public_key.c, was imported from linux code in commit b4adf627d5b7 ("lib: crypto: add x509 parser"), x509_check_for_self_signed() was commented out for simplicity. Now it need be enabled in order to make pkcs7_verify_one(), which will be imported in a later patch, functional. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
When the file, x509_public_key.c, was imported from linux code in
    commit b4adf627d5b7 ("lib: crypto: add x509 parser"),
x509_check_for_self_signed() was commented out for simplicity.

Now it need be enabled in order to make pkcs7_verify_one(), which will be
imported in a later patch, functional.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
lib: crypto: add public_key_verify_signature() 2020-07-22T10:33:55+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:17+00:00 b2a1049b5c364961726add2796b6028b27008ca4 This function will be called from x509_check_for_self_signed() and pkcs7_verify_one(), which will be imported from linux in a later patch. While it does exist in linux code and has a similar functionality of rsa_verify(), it calls further linux-specific interfaces inside. That could lead to more files being imported from linux. So simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.

While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.

So simply re-implement it here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
common: Drop linux/bug.h from common header 2020-05-19T01:19:23+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:08+00:00 eb41d8a1befc45a30ccdab68fa3e099528486ffe Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
common: Drop log.h from common header 2020-05-19T01:19:18+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:05+00:00 f7ae49fc4f363a803dab3be078e93ead8e75a8e9 Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
lib/crypto, efi_loader: move some headers to include/crypto 2020-05-04T10:26:11+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-21T00:38:17+00:00 e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular, secure boot. So move them to include/crypto to avoid relative paths. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Don't include include x509_parser.h twice. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib/crypto, efi_loader: avoid multiple inclusions of header files 2020-05-04T10:26:11+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-21T00:37:52+00:00 7b8b63fb8ead9bd4041ab5424deb465f14ee172a By adding extra symbols, we can now avoid including x509_parser and pkcs7_parser.h files multiple times. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Don't include include x509_parser.h twice. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
By adding extra symbols, we can now avoid including x509_parser and
pkcs7_parser.h files multiple times.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>